Wireless technology has become so integrated into our professional and personal lives that we cannot imagine life without it.
Businesses rely heavily on wireless technology to carry out their operations, cellular network providers use it to transfer voice and data over very long distances, and it provides the average user with Internet access at any time when traveling.
However, while we take wireless access for granted, are we aware of the security risks of using it?
In this post, we talk to John Battam, a Systems Engineer at Fortinet Australia who focuses on the Fortinet wireless business throughout the Asia Pacific region. John specializes in delivering wireless solutions, and as demand for wireless infrastructure continues, his role is to develop new approaches to ensure that he can meet tomorrow's demands.
How has Wireless grown and developed over the years?
From a wireless network perspective, 802.11 (Wi-Fi) has evolved from a technology that industry leaders often ridiculed in the late nineties as something that would never ‘take off’. However, today it is the primary connectivity method for almost all devices connected at the edges of all modern home, medium and enterprise networks. This evolution is extraordinary, because it has created the cordless world that we enjoy today.
Why is wireless digital security generally ignored?
In general, wireless standards do not take into account high levels of security. Even though there are safer encryption methods today, many weaker versions such as WPA and WEP are still used internationally. This is mainly because certain older devices do not support newer methods that are much safer.
Take WPA2-PSK (Wi-Fi Protected Access 2 – Pre-Shared Key), which uses CCMP / AES. This is a 128-bit encryption process and very secure. However, even with this better system, everyone shares the same Pre-Shared Key (PSK), which opens another door to vulnerability.
PSK is a security mechanism used to authenticate and validate users on a wireless connection. So, even though the level of encryption increases, if everyone uses the same PSK and one device is compromised, they can all be vulnerable.
For example, when someone quits their job, if you don’t renew your PSK (which many businesses fail to do) then you have left the door open for possible revenge attacks.
The same thing can happen when the PSK is the same for all devices. Users who know the PSK can capture the 4-way handshakes that occur when a wireless device connects and use them to view other people’s data over the air on the same wireless network. The 4-way handshake is rather easy to capture if the wireless network is vulnerable to de-authentication attacks. Unfortunately, this is in large part because the method to prevent this from happening, Protected Management Frames (PMF), is not supported by many wireless devices.
What wireless security issues can result in a breach of confidential data and how can individuals or businesses avoid this happening?
Various security issues are very significant.
First, many businesses still run their wireless networks using weak or archaic encryption methods such as WEP / WPA-TKIP because of backwards compatibility with older devices. These methods are relatively easy to compromise, and worse, if you use them, your WiFi network will take a significant performance hit, with a maximum data speed of 54 Mbps.
Second, as mentioned before, using one PSK for all devices can expose your device to internal attacks. This means that one can set up an Access Point (AP) that broadcasts the same wireless network name (‘SSID’) as another trusted source, which creates what is known as a virtual honeypot or fake AP. You might think you are connected to, say, an airport wireless network, or McDonald’s free wireless, even though you are connected to a third party that pretends to be that wireless network. The best defense against this is to use wireless intrusion detection devices (WIDS) which come built into enterprise-class wireless platforms.
Most free WiFi networks are open, so no traffic encryption is performed. Therefore, anyone using an over-the-air packet capture tool can see all your unencrypted data, such as when you access a website that starts with HTTP, where no encryption is used (as opposed to HTTPS). If you are using an open network, it is recommended to use secure access methods such as SSL-VPN to protect yourself from snoopers.
Lastly, it’s also important to note that just because your business might use the WPA2-Enterprise security method, it can also potentially be subject to a dictionary and / or man-in-the-middle style attack. While authentication methods such as PEAP / EAP-TTLS-based authentication are very safe, if a business has a weak password policy or a password policy that is too complicated (so users write the password down and stick it on their monitor for everyone to see), it can result in third parties accessing the wireless network and much more.
Furthermore, if an unsecured authentication method such as LEAP / MD5 is used, where the password is sent in clear text or in an easily decryptable hash, it also leaves the door open for potential violations to occur.
The best countermeasure for this attack is to use a certificate-based authentication method, which removes the human password factor, and to force the client to validate the certificate during the authentication phase.
Australia is generally considered to be at the forefront of this technology, given its geographical distance and the need to rely more on it – do we also lead in WiFi security?
It is well known that CSIRO and Australian electrical engineer, John O’Sullivan, are credited with inventing WiFi as we know it. However, while we use this technology massively in our daily lives, from long-distance point-to-point communication networks to checking our bank balance, I don’t believe we are leading in security on this front.
In contrast, major wireless security research is taking place in places like China and India, where much of the current development for 802.11 standards and security methods is now taking place.
What should we do to educate the general public about risk?
I am not sure this is possible. The only way to reach a mass audience is through marketing. Unfortunately, many marketing models create misunderstandings for the general public, because when they explain the broad concept of how wireless security works, they often contain a lot of confidential information that only works for certain cases and is often not easy for the public to implement.
Although we can teach technical staff the best security practices around wireless networks and hope they pass on this knowledge, the best method is to resolve risks through new wireless security methods. For example, with the introduction of WPA3 and Enhanced Open security methods, many improvements have been made to improve wireless security without end user interaction.
How would you recommend a business overcome this problem in the short and long term?
This really needs to happen from the top down.
Implementing the best wireless technology security methods is often not easy. However, training internal IT staff with relevant knowledge and skills through industry training courses, such as CWNP (Certified Wireless Network Professionals), may still be the best solution for businesses who want to work with 802.11 wireless networks. These courses provide an in-depth understanding of the basics combined with best practices to use when implementing wireless networks, especially when it comes to choosing the best security method.
If a business does not have enough qualified IT staff, they should contact industry professionals for help and not just assume that because they know how to set up a wireless router in their home, they can build a business or enterprise class network.
What’s next for wireless?
The next concrete step in the wireless technology space was established by the new 802.11ax, WPA3, and Enhanced Open Security standards, which were brought to the table.
802.11ax is designed to overcome many common problems with wireless technology networks, ultimately increasing efficiency and throughput using methods such as BSS Coloring and OFDMA, the multi-user version of OFDM (modulation scheme), which is the technology currently used in 4G / LTE cellular networks. This will improve user experience and subsequently embed Wi-Fi as the main network access medium.
From a security standpoint, the introduction of WPA3, the successor to WPA2, will prohibit legacy protocols that have expired, require the use of Protected Management Frames (to prevent de-authentication attacks) and add features to both personal and enterprise authentication methods to further enhance wireless technology.
WPA3-Personal will include a secure key establishment protocol between devices, Simultaneous Authentication of Equals (SAE). This will provide stronger protection for users against the use of weak passwords and attempts to guess passwords by third parties.
WPA3-Enterprise will introduce a stronger encryption method with the 192-bit security suite.
We will also see a new “Enhanced Open” feature that allows supported devices to dynamically set up encryption over the air even on open networks. This is based on Opportunistic Wireless Encryption (OWE), which was originally planned to be part of WPA3.
However, it is possible that certain features will not be available in the initial release, let’s call it “802.11ax Wave 1,” so we might not see some of these features being released until “802.11ax Wave 2”.